[sudo-users] sudo v1.7.1 runas group allows runas any user
Todd C. Miller
Todd.Miller at courtesan.com
Sat May 9 20:57:49 EDT 2009
In message <EAAB8BFF1D052A44830B467F3E9FB6B70799FB4B at zuk35exm64.ds.mot.com>
so spake "Blazejewski Marcin-AMB107" (marcin.blazejewski):
> Is this a bug or am I missing something? How can I restrict uid
> escalation?
> I'm using RHEL5, i686, sudo v1.7.1, only "--prefix" option used during
> the build.
This is a bug that was introduced in sudo 1.7.1. The following diff
fixes it.
- todd
Index: sudo.c
===================================================================
RCS file: /home/cvs/courtesan/sudo/sudo.c,v
retrieving revision 1.511
diff -u -r1.511 sudo.c
--- sudo.c 18 Apr 2009 23:25:08 -0000 1.511
+++ sudo.c 10 May 2009 00:56:44 -0000
@@ -826,7 +826,7 @@
if (!update_defaults(SETDEF_CMND))
log_error(NO_STDERR|NO_EXIT, "problem with defaults entries");
- if (!runas_user)
+ if (!runas_user && !runas_group)
set_runaspw(def_runas_default); /* may have been updated above */
return(rval);
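Review bot: the new !runas_group test on the if guarding set_runaspw(def_runas_default) has no comment explaining why a requested runas group must suppress re-applying the default runas user; the existing comment ("may have been updated above") only explains the defaults-update case. Suggest extending that comment to say that when only a group was requested, the runas user selected earlier has to be kept, so the condition is not simplified back to if (!runas_user) in a later cleanup. Since this hunk now leaves the runas passwd entry untouched in the group-only case, it is also worth confirming that every path reaching this point with runas_group set has already set it, and adding a regression test with a sudoers entry that grants only a runas group.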